US Treasury Targets Russian LockBit Ransomware Syndicate Members

According to CryptoPotato, the US Treasury Department's Office of Foreign Assets Control (OFAC) has added several wallet addresses linked to two Russian individuals to its list of specially designated nationals. Artur Sungatov and Ivan Kondratyev face charges related to the deployment of ransomware and their involvement with LockBit, a ransomware syndicate that allegedly stole over $120 million in ransom funds, according to the US Department of Justice. Kondratyev served as a LockBit affiliate and leader of the affiliate sub-group, the National Hazard Society, while Sungatov was also actively engaged in LockBit ransomware attacks in addition to being an affiliate. In collaboration with the UK and various international law enforcement agencies, the US pursued legal action against LockBit, aiming to hold the group accountable for its actions. The Russia-based ransomware group LockBit was first observed in 2019 and is best known for its ransomware variant of the same name. It operates on a Ransomware-as-a-Service (RaaS) model, licensing its ransomware software to affiliated cybercriminals in exchange for a percentage of the paid ransoms. LockBit was the most deployed ransomware variant globally in 2022 and remains prolific today. OFAC's investigation identified LockBit as responsible for the ransomware attack on ICBC, which occurred on November 9, 2023. The attack disrupted ICBC's U.S. broker-dealer, affecting the settlement of over $9 billion worth of assets backed by Treasury securities. Meanwhile, Europol reported that the UK's National Crime Agency took control over the technical infrastructure supporting all aspects of the LockBit service, including their dark web leak site where data stolen from victims during ransomware attacks was previously hosted. According to a recent analysis by Chainalysis, ransomware payments surpassed $1 billion in 2023, marking a record high despite a decline in 2022. The frequency, scale, and magnitude of ransomware attacks increased significantly in 2023, with a diverse range of entities, from large criminal syndicates to smaller groups and individual actors, perpetrating these attacks.